﻿<!--#include file="../../include/config.asp"-->
<!--#include file="../../include/conn3.asp"-->
<%
'先判断系统是否允许该ip访问
Set rs = Server.CreateObject("ADODB.Recordset") 
sql="select * from config WHERE config_key=Fqsl_isLock "
rs.open sql,conn,1,1
isLock=rs("config_value")
rs.close
if isLock="1" then
	dim SqlIn_IP  
	SqlIn_IP = Request.ServerVariables("REMOTE_ADDR") 
	Set rs = Server.CreateObject("ADODB.Recordset") 
	sql="select * from sqlin where SqlIn_IP='"&SqlIn_IP&"' and kill_ip=true"  
	rs.open sql,conn,1,1  
	if rs.recordcount>3 then 
	  response.Write"<script>{window.alert('你的IP已被封锁，请与管理员联系');location.href='http://skb.jnu.edu.cn';}</script>"  
	 Response.End  
	 end if 
 end if
 set rs=nothing
%>
<!--#include file="login_Fsql.asp"-->
<!--#include file="../../include/md5.asp"-->
<%
dim sql,rs
dim username,password,CheckCode
username=replace(trim(Request("username")),"'","")
password=replace(trim(Request("password")),"'","")
CheckCode=replace(trim(Request("code")),"'","")
if CheckCode="" then
    FoundErr=True 
	response.Write"<script>{window.alert('验证码不能为空');window.history.back();}</script>"
	Response.End
end if
if CheckCode<>CStr(session("GetCode")) then
	FoundErr=True 
	response.Write"<script>{window.alert('验证码错误');window.history.back();}</script>"
	Response.End
end if
if session("GetCode")="" then
    FoundErr=True 
    response.Write"<script>{window.alert('登录时间过长，请重新返回登录页面进行登录。');window.location.href='../login.asp';}</script>"
	Response.End
end if
if username="" then
    FoundErr=True 
	response.Write"<script>{window.alert('用户名不能为空');window.history.back();}</script>"
	Response.End
end if
if password="" then
    FoundErr=True 
	response.Write"<script>{window.alert('密码不能为空');window.history.back();}</script>"
	Response.End
end if
if FoundErr<>True then
	passwordmd5=md5(password)
	set rs=server.createobject("adodb.recordset")
	sql="SELECT * FROM admin WHERE password='"&passwordmd5&"' and username='"&username&"'"
	rs.open sql,conn,1,3
	if rs.bof and rs.eof then
		FoundErr=True
		rs.close
		response.Write"<script>{window.alert('用户名或密码错误');window.history.go(-1);}</script>"
		Response.End
	else
		RndPassword=GetRndPassword(16)
		rs("lastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
		rs("lastLoginTime")=now()
		rs("logTimes")=rs("logTimes")+1
		rs("RndPassword")=RndPassword
		rs.update
		session.Timeout=SessionTimeout
		session("AdminName")=rs("username")
		session("AdminPassword")=rs("password")		
		session("RndPassword")=RndPassword
		session("osright")=rs("usertype")
		session("logKEY")="_administrator"
		'登陆成功写入登陆日志
		conn.execute("Insert Into userlog(username,logIP) Values('"& rs("username") & "','" & rs("lastLoginIP") & "')")			
		rs.close
		set rs=nothing
		call CloseConn()
		Response.Redirect "../main.asp"
	end if

	rs.close
	set rs=nothing
end if
call CloseConn()

Function GetRndPassword(PasswordLen)
	Dim Ran,i,strPassword
	strPassword=""
	For i=1 To PasswordLen
		Randomize
		Ran = CInt(Rnd * 2)
		Randomize
		If Ran = 0 Then
			Ran = CInt(Rnd * 25) + 97
			strPassword =strPassword & UCase(Chr(Ran))
		ElseIf Ran = 1 Then
			Ran = CInt(Rnd * 9)
			strPassword = strPassword & Ran
		ElseIf Ran = 2 Then
			Ran = CInt(Rnd * 25) + 97
			strPassword =strPassword & Chr(Ran)
		End If
	Next
	GetRndPassword=strPassword
End Function
%>